Compile time support: - AppArmor support is disabled - AppImage support is enabled - bind support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - git install support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled

So, I was hoping this could be fixed? Or could someone tell me what to do to get firejail to play nice with Palemoon again?

New Tobin Paradigm wrote:I don't know what you expect us to do about it.. We didn't create nor have any ties to firejail.. Have you asked them? Also, sandboxing Pale Moon is a terrible idea.. It can cause issues.

Strange answer.Why would sandboxing pale moon be a bad idea and not for other browsers.?.That is exactly what firejail is designed to do so your response is puzzling to say the least.Best wishes.

Moonraker wrote:Why would sandboxing pale moon be a bad idea and not for other browsers.?.That is exactly what firejail is designed to do so your response is puzzling to say the least.

Sandboxing any browser is a bad idea. Browsers have their own advanced security measures because they are designed to load and display untrusted remote content -- as a result it's a similar situation as running multiple antivirus suites concurrently.

Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

Hello,to elaborate a bit:1) yes, it was reported on firejail BTS. A person with the same avatar as the first poster of this thread2) in fact, palemoon is started and runs, but the main window never opens3) given ALL the dirty tricks used to collect personal data from GAFA and associated enterprises, I have one separate profile for each of them; while the non-firejailed version never got any cookie or login or password from them.

Do you have any idea of changes between 27.9 and 27.9.1 which could have broken the GUI interface ? It is the first time this occurs since I use firejail.

Could somebody be so kind as to elaborate just what firejail is actually for and its purpose,.?Judging by previous posts it would appear sandboxing/firejailing a browser is not a good idea.So if sandboxing a browser is a bad idea then why would we assume any form of sandboxing is a good idea.?does this not put the actual usefulness and purpose of the program into question.

Hello, to my eyes, the important point is that the target program, whatever it is, runs in a chrooted environment. In the case of a browser, I use a chrooted env for specific sessions. When the browser starts in such a fresh environment, there is no single trace (history, cookies, ...) of previous browsing. Even no settings nor extensions. This makes cross-sites information leakage impossible, as one session can not play with cookies from another session. There is insulation at the file system level. The number of extensions is kept at a minimum, to counteract browser fingerprinting.

So I use palemoon inside a firejail environment to protect my privacy. I live in Europe. I had concerns since a long time about Facebook and its "interesting" content. I believed it was some way to make the visit longer and serve you more ads. In the previous month, with the Cambridge Analytica revelations, it appears that the "interesting" content was just psychological tests in disguise. As a scientist, I have no concerns participating in a test conducted with ethic, meaning e.a. informing the patient. In the case of Facebook, firejail permitted me to pro-actively defend myself against this data collection.

Another issue is about travel site looking at your previous browsing history. You go there ? We have the right car and the right hotel. Cross-site and cookies interchange. Once again solved by firejail.

Basically, I consider Palemoon as a very good browser and that all due diligence is made about safety. But there are so many companies targeting your personal information in hidden ways or using regular cookies that browser security is not enough. Forcing amnesia between sessions is another line of defense.

Regards

Pascal

Last edited by CdeMills on Wed, 09 May 2018, 22:51, edited 1 time in total.

Now a side question. I looked at the changes between 27.9 and 27.9.1. I noticed there are two changes about cairo in Windows. But then, under linux, "ldd `which palemoon`" shows no trace of calls to libcairo. In linux, do you use your own embedded lib or the system-wide lib ?

CdeMills wrote:Hello, to my eyes, the important point is that the target program, whatever it is, runs in a chrooted environment. In the case of a browser, I use a chrooted env for specific sessions. When the browser starts in such a fresh environment, there is no single trace (history, cookies, ...) of previous browsing. Even no settings nor extensions. This makes cross-sites information leakage impossible, as one session can not play with cookies from another session. There is insulation at the file system level. The number of extensions is kept at a minimum, to counteract browser fingerprinting.

So I use palemoon inside a firejail environment to protect my privacy. I live in Europe. I had concerns since a long time about Facebook and its "interesting" content. I believed it was some way to make the visit longer and serve you more ads. In the previous month, with the Cambridge Analytica revelations, it appears that the "interesting" content was just psychological tests in disguise. As a scientist, I have no concerns participating in a test conducted with ethic, meaning e.a. informing the patient. In the case of Facebook, firejail permitted me to pro-actively defend myself against this data collection.

Another issue is about travel site looking at your previous browsing history. You go there ? We have the right car and the right hotel. Cross-site and cookies interchange. Once again solved by firejail.

Basically, I consider Palemoon as a very good browser and that all due diligence is made about safety. But there are so many companies targeting your personal information in hidden ways or using regular cookies that browser security is not enough. Forcing amnesia between sessions is another line of defense.

CdeMills wrote:Hello, to my eyes, the important point is that the target program, whatever it is, runs in a chrooted environment. In the case of a browser, I use a chrooted env for specific sessions. When the browser starts in such a fresh environment, there is no single trace (history, cookies, ...) of previous browsing. Even no settings nor extensions. This makes cross-sites information leakage impossible, as one session can not play with cookies from another session. There is insulation at the file system level. The number of extensions is kept at a minimum, to counteract browser fingerprinting.

This can be accomplished by using separate profiles for separate forums. E.g. to launch the profile for this forum, I run palemoon -new-instance -p palemoon Note that you have to create a "palemoon" profile ahead of time. The "-new-instance" insures that the correct profile is launched. Since each profile is a separate directory in "$HOME/.moonchild productions", cookies cannot be linked between profiles, of which I have approx 20. Note that "-no-remote" can be used instead of "-new-instance". In Pale Moon Tools/Preferences"Home Page" you can specify a list of URLs for the profile separated by space-pipe-space; e.g. the following is one long line for my "palemoon" profile...

Is it the case that resolving the failure of Pale Moon 27.9.1 to work with Firejail will remain entirely the responsibility of individual users or is there likely to be an official solution in the next version of Pale Moon?

mrabc wrote:Is it the case that resolving the failure of Pale Moon 27.9.1 to work with Firejail will remain entirely the responsibility of individual users or is there likely to be an official solution in the next version of Pale Moon?

It will remain the case for the individual users to fix until firejail fixes this on their end.We can't do anything about this. There's nothing wrong with Pale Moon.

Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

mrabc wrote:Is it the case that resolving the failure of Pale Moon 27.9.1 to work with Firejail will remain entirely the responsibility of individual users or is there likely to be an official solution in the next version of Pale Moon?

It will remain the case for the individual users to fix until firejail fixes this on their end.We can't do anything about this. There's nothing wrong with Pale Moon.